I’m a Software Security Engineer at Qualcomm, where I build and maintain the security execution stack of their chipsets.
Previously, I did my PhD with the VUSec group at VU Amsterdam, where I devised techniques to track data and uncover vulnerabilities. Before that, I did my MS at UC San Diego, where I hacked on avionics equipment and compiler internals with the security group. And before, I did my BS at the University of Arizona, where I poked around with code deobfuscation and anti-analysis tricks with the Lynx Project.
Some of my research has resulted in open-source contributions. Here are some highlights:
(In progress) — Linux kernel, LLVM project: KernelDataFlowSanitizer (KDFSAN), a generalized dynamic data flow analysis for the kernel
[Linux port | LLVM port | contact me for an up-to-date version]
(Submitted) — Linux kernel: Mitigate a memory corruption vulnerability in the DMA pool allocator [series]
📣 “Very cool finding, this is nice work!” –Greg KH [quote]
(Submitted) — Linux kernel: Fix hundreds of inconsistent DMA accesses in VMware’s VMXNET3 driver [series]
May 2024 — Linux kernel: Add a fix for unaligned I/O accesses and a regression test to KernelMemorySanitizer (KMSAN) [patch1 | patch2]
Apr. 2024 — Linux kernel: Improve the address‑to‑line script perf. by 15x [series]
Feb. 2022 — Linux kernel: Mitigate list iterator’s speculative type confusion bugs
[92 patches | co-work with Jakob Koschel]
📝 LWN coverage [article1 | article2]
Oct. 2016 — OpenVPN, Kerberos, others: Mitigate cases of the compiler optimizing out sensitive memory clear operations
Information Flow–Based Vulnerability Modeling
B. Johannesmeyer
PhD Thesis, Vrije Universiteit Amsterdam, 2026
Dynamic Detection of Vulnerable DMA Race Conditions [paper | slides | code]
B. Johannesmeyer, R. Isemann, C. Giuffrida, H. Bos
ACM CCS 2025
✅ Artifacts Evaluated: Available, Functional, Reproducible
Practical Data-Only Attack Generation [paper | slides | poster | code | video]
B. Johannesmeyer, A. Slowinska, H. Bos, C. Giuffrida
USENIX Security 2024
✅ Artifacts Evaluated: Available, Functional, Reproducible
🏆 CSAW Best Paper Award Runner-up
Data-Only Attacks Are Easier than You Think [web]
B. Johannesmeyer, H. Bos, C. Giuffrida, A. Slowinska
USENIX ;login: 2024
Kasper: Scanning for Generalized Transient Execution Gadgets in the Linux Kernel [paper | slides | poster | web | code | video]
B. Johannesmeyer, J. Koschel, K. Razavi, H. Bos, C. Giuffrida
NDSS 2022
🏆 DCSR Paper Award Runner-up
🏆 Qualcomm Innovation Fellowship Runner-Up for follow-up proposal
On the Effectiveness of Same-Domain Memory Deduplication
[paper | slides | web | code]
A. Costi, B. Johannesmeyer, E. Bosman, C. Giuffrida, H. Bos
ACM EuroSec 2022
Triton: A Software-Reconfigurable Federated Avionics Testbed [paper]
S. Crow, B. Farinholt, B. Johannesmeyer, K. Koscher, S. Checkoway, S. Savage, A. Schulman, A.C. Snoeren, K. Levchenko
USENIX CSET 2019
FaCT: A DSL for Timing-Sensitive Computation [paper | slides | code | video]
S. Cauligi, G. Soeller, B. Johannesmeyer, F. Brown, R.S. Wahby, J. Renner, B. Grégoire, G. Barthe, R. Jhala, D. Stefan
ACM PLDI 2019
✅ Artifacts Evaluated: Available, Functional
FaCT: A Flexible Constant-Time Programming Language [paper | slides | code]
S. Cauligi, G. Soeller, F. Brown, B. Johannesmeyer, Y. Huang, R. Jhala, D. Stefan
IEEE SecDev 2017
Dead Store Elimination (Still) Considered Harmful [paper | video]
Z. Yang, B. Johannesmeyer, A.T. Olesen, S. Lerner, K. Levchenko
USENIX Security 2017
A Generic Approach to Automatic Deobfuscation of Executable Code
[paper | web | code | video]
B. Yadegari, B. Johannesmeyer, B. Whitely, S. Debray
IEEE S&P 2015
🏆 CSAW Best Paper Award Runner-up
Identifying Understanding Self-Checksumming Defenses in Software [paper | web]
J. Qiu, B. Yadegari, B. Johannesmeyer, S. Debray, X. Su
ACM CODASPY 2015
A Framework for Understanding Dynamic Anti-Analysis Defenses [paper | web]
J. Qiu, B. Yadegari, B. Johannesmeyer, S. Debray, X. Su
ACM PPREW 2014